Today I consider some best practices regarding a compliance hotline.

  1.  The hotline should be developed and maintained externally. It seems axiomatic that em­ployees tend to trust hotlines maintained by third parties more than they do internally maintained systems. Through the submitting of reports via an external hotline there is a perceived extra layer of anonymity and impartiality compared to a sys­tem developed in-house. A third party provider is also more likely to bring specialist expertise that’s difficult to match within the organization.
  2. The hotline supports the collection of detailed infor­mation. As with most everything else, information is power. If a CCO can gather and re­cord information throughout a complaint life cycle, the company will have greater insight into the situation and a company can protect itself more effectively from accusations of negligence or wrongdoing. A hotline reporting system should provide consolidated, real-time access to data across all departments and locations, plus analytic capabilities that allow you to un­cover trends and hot spots. All reported materials should be consolidated in one comprehensive, chronologi­cally organized file, so a CCO can monitor ongoing progress and make better, more informed decisions.
  3. The hotline must meet your company’s data retention poli­cies. Retaining data in a manner consistent with your internal data retention policies is important. A hotline should offer a secure, accessible report retention database, or you may be faced with making your own complicated and costly arrangements for transmitting and storing older reports to a permanent storage location.
  4. The hotline should be designed to inspire employee confidence. Retaliation or perceived unfairness to those making hotline complaints will destroy the effectiveness of the internal reporting process and poison the corporate culture. A hot­line must be seen to offer the highest levels of protection and anonymity. To encourage employee participation, the hotline should allow them to bring their concerns directly to some­one outside their immediate chain of command or workplace environment – especially when the complaint concerns an immediate superior. The hotline should also enable employees to submit a re­port from the privacy of an off-site computer or telephone. It may seem like a small convenience, but giving employees the freedom to enter a complaint from a location that is safe can make a huge difference to participation rates.
  5. The hotline offers on-demand support from subject matter experts. Opening lines of communication can bring new issues to your compliance group. It is therefore important that once those reports are entered into the system, a person or function has the responsibility to follow up in a timely manner. One of the biggest mistakes you can make is to sit on a hotline complaint and let the employee reporting it fester. Additionally, with the short time frames set out in the Dodd-Frank Whistleblower timelines for resolution before an employee can go the SEC to seek a bounty, the clock is literally clicking.
  6. The hotline provides inbuilt litigation support and avoidance tools. A company must make certain that its hotline is preconfigured to meet the legal requirements for document retention, at­torney work product protection procedures, and attorney-client privilege. Developing these tools in-house can add signifi­cantly to your costs, and maintaining a hotline without one exposes your organization to unacceptable risk.
  7. The hotline supports direct communication. A hotline should open the lines of communication and give you a di­rect sight-line into the heart of your company. Look for a system that enables you to connect directly, privately, and anonymously with the person filing a complaint. Direct communication also signals to employees that their complaints are being heard at the highest levels.

Like other risk management issues, hotlines must also be managed effectively after implementation and roll-out. Here are some practical tips which will help you make your hotline an effective and useful tool.

Get the word out. If employees do not know about the hotline, they will not use it. Allocate a portion of your time and budget to promoting the corporate hotline through multiple channels. Put up posters and distribute cards that employees can keep in their wallets or desk drawers. Deliver in-person presentations where possible. And do not think of the promotional initiative as a one-time effort. It is important to remind employees regularly, through in-person communications, via e-mail, or through intranets, newsletters, and so on, that this resource is available to them. Some hotlines offer promotional materials to help make the job easier; make sure you ask what type of promotional support may be available.

Train all your employees. Getting employees to use the system is one half of the challenge; ensuring they use it properly is the other half. This is where training becomes essential. Make sure people understand what types of activities or observations are appropriate for reporting and which are not. HR and compliance staff will need training too, to help them understand how the hotline impacts their day-to-day activities. Company leaders also need to understand the role the hotline plays in the organizational culture, and the importance of their visible support for this compliance initiative.

Take a look at the data. Use the data derived from or through the hotline to identify unexpected trends or issues. Examples might be what percentage of employees use the hotline and what issues are they submitting? A healthy hotline reporting system will yield reports from .5 to 2 percent of your employee base. If your reporting patterns are higher or lower, it may indicate mistrust of the hotline, misuse, or a widespread compliance issue. Isolate the data by location and department to identify micro-trends that could indicate problems within a subset of your corporate culture. Analyzing the data can help you stay a step ahead of emerging issues.

Response is critical to fairness in the system. Seeing a hotline system in action in this way can go a long way toward dispelling employee fears of being ostracized or experiencing retaliation because if they see that their concerns are heard clearly and addressed fairly, they will learn to view the hotline as a valuable conduit. If your compliance group responds promptly and appropriately to hotline complaints, you can ensure robust participation and ongoing success. Even when a complaint proves to be unfounded, it can still provide an opportunity to open a dialogue with employees and clear up any misunderstandings. Responding to reported issues also gives compliance officers a chance to prove that issues can be resolved or addressed while protecting the privacy and anonymity of the whistleblower.

Three Key Takeaways

  1. Get the word out to your employees about your company hotline through a variety of mediums and platforms.
  2. Train your employees on the use of the hotline.
  3. Use data from your hotline to continually update and improve your compliance program.

In this episode, I visit with James Gellert, CEO of RapidRatings, a company which uses a financial dialogue to determine third party supplier health and viability. Gellert explains what supply chain resilience is and how can examining financial health of your suppliers can lead to a more financially efficient supply chain. We then discuss the company’s third party risk management tools. We consider how a company might evaluate a potential purchaser, partner or someone buying a part of a business. Finally we have a lengthy discussion of how a corporate compliance function use the health of a third party as a tool to determine third party compliance risk?

For more information on RapidRatings, check out their website by clicking here.

After last week’s guest announcers, Jay and I return for a wide-ranging discussion on some of the week’s top compliance related stories, including:

  1. The first Declination of the Session’s Justice Department, Linde gas.
  2. The son of Equatorial Guinea’s president went on trial this week in France for embezzlement of funds from the country.
  3. The UK SFO charges four former senior executives at Barclays Bank criminally around funding issues in the 2008 financial crisis.
  4. Embattled Uber CEO Travis Kalanick resigns under pressure. Will there be a backlash, who will run the company?
  5. Compliance in the 21stcentury, welcome to ComTech.
  6. Hui Chen departs the Justice Department with a flurry of tweets.
  7. Jay previews his weekend report.
  8. We preview the upcoming episode of Everything Compliance which is in production and will be released next Thursday. Topics include Matt Kelly on Uber and the need for policies and procedures, Jonathan Armstrong on fake news around GDPR, Mike Volkov on blockchain and how it may change compliance, and Jay Rosen, Linde notwithstanding, on the dearth of recent DOJ FCPA activity. For a sneak peak, listen to Matt Kelly’s rant at the end of this podcast.

 

 

Who to suspend during any Foreign Corrupt Practices Act (FCPA) investigation is always a delicate question to answer. Unfortunately there is never an easy answer. As the Volkswagen (VW) emission-testing scandal continues to reverberate, it continues to bring up some very knotty questions, which have bedeviled the Chief Compliance Officer (CCO) or compliance practitioner in many areas. De-confliction has also recently arisen as a bedeviling issue.

In an article in the Wall Street Journal (WSJ) entitled “Scope of VW Suspensions Grows”, William Boston reported on the ongoing internal investigation by the company’s outside counsel Jones Day. Boston noted that VW had “suspended a larger number of engineers than previously acknowledged, following a recommendation from the law firm conducting” the investigation. The article went on to state, “Jones Day urged suspension of anyone who could have been involved in the scam – from high level decision makers to ordinary engineers – to prevent possible perpetrators from tampering with the evidence”.

This final statement emphasizes a key consideration in a FCPA investigation, which is to tie down the evidence. Former Arnold & White partner Mara Senn has said that “probably from the government’s perspective, the most important aspect of setting up an investigation in a way that makes them feel comfortable, is ensuring that all data is locked down.” However, if you are worried about evidence tampering you may have a bigger problem on your hands.

Pointing up the difficulties in making such a blanket sweep an un-named source, who provided this information to Boston, was quoted in the WSJ piece as saying “We had to suspend everyone in this area to get them out of the way of this process. This is necessary for the investigation, but it’s really hard for us because we are now missing their professional knowledge and experience.”

This issue brings up another point that Senn has discussed, around when to suspend or discipline an employee during an internal investigation. Senn related, “That is a very case-by-case difficult question to answer, but in general, I think it’s better to keep them around for as long as you may need them. Once they’ve been fired or otherwise disciplined, really, even if you keep them around, they’re going to be less cooperative with you and possibly, if you fire them, not cooperative at all. You can require them to be cooperative in the termination agreement, but obviously in practice, cooperation can mean a lot of different things.”

In view of the Schrems decision by the European Court of Justice (ECJ), I also wonder how the investigation will fair with the German based employees? Obviously there will be data that in the US would be deemed company-owned but in Europe it may well be private to the employee being investigated. This problem became even greater with the recent decision by Privacy Regulators from 28 EU nations that backed the ECJ’s Schrems decision that invalidated the Safe Harbor regime. As reported by Jo Sherman in the FCPA Blog, “that closed the legal pipeline by which data has flowed freely from the EU to the U.S. for the last 15 years. The rationale for the court decision and the subsequent backing of the EU Data Protection Authorities is that the surveillance powers of the U.S. government are considered to be too excessive and disproportionate, and can override the data protections for EU citizens under the Safe Harbor framework.”

Lanny Breuer, the former number two at the Department of Justice (DOJ) and now a partner at Covington and Burling LLP, raised an interesting concern in the context of the Justice Department’s FCPA Pilot Program. It is around what Breuer terms “de-confliction”. This involves the government asking a company to halt its own investigation for the government to be the first to interview witnesses. At the FCPA Blog Conference, Breuer said that if “de-confliction” is required as cooperation to gain the benefits of the pilot program, such a request from the DOJ would be “an extraordinary request, in my view” because it “could lead companies to be unable to disclose to other agencies or to shareholders, and it could keep a board in the dark about the alleged wrongdoing.” Breuer added, “In general, publicly traded companies can’t just stand down from doing an investigation when such an allegation comes in.” He also commented that “he’d been asked to do so a couple of times.”

Breuer raised four questions during his presentation which every investigator must consider in the area of de-confliction. (1) Would complying with the request be consistent with directors’ and corporate officers’ fiduciary duty of oversight?; (2) How can a company make decisions without speaking with its employees?; (3) How will a delay affect the company’s other regulatory obligations?; and (4) How can external counsel advise a company without knowing the facts? Companies hire external counsel to conduct thorough investigations, evaluate their clients’ conduct, and provide informed legal advice. These tasks can be difficult if not impossible to accomplish where external counsel have their hands tied behind their backs.

Clearly the DOJ could have a broader remit or be involved with other ongoing investigations where they might make such requests. However, such ‘de-confliction’ could stop a company from engaging in a root cause analysis or even robust investigation. At the same conference, an earlier panelist, Gerald Kral, the Chief Ethics and & Compliance Officer (CECO) of Brown-Forman, said on his panel that his company did an extensive root cause analysis of every claim or incident so it can not only understand what happened but put sufficient risk management protections in place to try and make sure it does not happen again.

Three Key Takeaways

  1. The decision on whom to discipline and when are critical decisions during any investigation.
  2. You should take a case-by-case approach.
  3. The de-confliction question can be quite troubling during an internal investigation.

 

 

 

 

 

 

 

 

In this episode, Matt Kelly and I take a deep dive into the first Declination issued by the DOJ in the era of the Trump Administration, which was issued by the DOJ on June 16, 2017, when it issued a Declination to Linde North American Inc. and Linde Gas North America LLC (collectively “Linde”). The case presented several interesting factors which merit consideration so we are presenting lessons to be learned for the Chief Compliance Officer (CCO) or compliance practitioner.

The Bribery Scheme

Linde acquired Spectra Gases, Inc. (Spectra Gases) in October 2006. In November 2006, it purchased certain assets from the National High Technology Center (NHTC) of the Republic of Georgia. One of the keys to this purchase was a piece of equipment called the ““boron column,” which were used to produce boron gas.” Sales of boron gas after the acquisition helped fund the purchase price and payout to Spectra executives who stayed on after Linde purchased Spectra Gases.

Unfortunately, the three Spectra executives who stayed on were in cahoots with corrupt offices from the NHTC who made the sales agreement with Linde. Part of the Earn-Out by the former Spectra (now Linde) officials was paid to these corrupt government officials, both directly and through certain third parties. But the funding scheme to pay the bribes was quite creative and demonstrates once again to the compliance practitioner the myriad ways in which funds can be generated to pay bribes.

For reasons not made clear, Linde did not purchase the boron column outright but allowed the former Spectra executives and the corrupt NHTC officials to form two new entities to own and operate the boron column, Spectra Investors LLC (Spectra Investors) and Spectra Gases Georgia, which was wholly owned by Spectra Investors. Spectra Investors was owned 51% by the corrupt NHT officials and 49% by the Spectra Gases executives who now worked for Linde. Spectra Gases Georgia was formed as a separate management company, by the NHTC officials, which was claimed to provide services to Spectra Investors for which it would receive recompense. Of course, there was no evidence of services being delivered under this arrangement as it was simply a mechanism to funnel monies to the corrupt officials.

As a result of the ownership structure of Spectra Investors, with 51% being owned by corrupt NHTC officials and the management services contract, the corrupt NHTC officials received “approximately 75% of the profits generated by the boron column” while Spectra Gases received 25% of the profits. Clearly even with bribery and corruption, it was a bad business deal. In January 2010, Linde dissolved Spectra Gases and became its successor-in-interest and at some point later discovered the illegal conduct. Prior to the time of the dissolution, Spectra Gases had “received approximately $6,390,000”. After Linde became the direct owner, it “received approximately $1,430,000 as a result of the corrupt” actions.

The Declination

While there is a dearth of fact about how the matter came to the attention of Linde and when it disclosed the matter to the DOJ, the decision to decline to prosecute was based on the following factors: (1) Linde’s timely self-disclosure; (2) a “thorough, comprehensive and proactive investigation” [emphasis supplied]; (3) Linde’s full cooperation and meeting the Yates Memo requirement for disclosing all known relevant facts about the “individuals involved in or responsible for the misconduct”; (4) full profit disgorgement; (5) Linde’s enhancement of its compliance program and internal controls; and (6) Linde’s full remediation, including termination or discipline of the three Spectra executives and lower-level employees involved in the misconduct; termination of the fraudulent management contract between the corrupt NHTC officials and Spectra Investors and termination of the Earn-Out payment due to the former Spectra executives who became Linde employees.

Lessons Learned

This was yet another Foreign Corrupt Practices Act (FCPA) action where a company performed insufficient due diligence in the acquisition phase. The timing of the Linde purchase of Spectra Gases and Spectra Gases’ purchase of the income producing assets is too close in time to be a coincidence. It would certainly appear that Linde purchased Spectra Gases to facilitate its acquisition of the boron column and other assets. If your company is going to make such a multi-step acquisition, you must perform due diligence on all the actors and the assets involved.

The Byzantine corporate structure created for the ownership of the boron column, its operation and management contract are clear red flags that any CCO should sniff out immediately. While I am sure the internal corporate excuse for this clear ruse was the ubiquitous ‘tax considerations’; every such transaction should be reviewed by compliance as well. Anytime there is more than one entity to accomplish one task, there is the possibility of fraud present. Further, it is not clear how Linde could not have been aware of the ownership interests of a company which it ultimately controlled. It would seem that the company did not even make any inquiry.

Even in 2006, the Republic of Georgia’s reputation for bribery and corruption was quite high. The 2006 Transparency International-Corrupt Perceptions Index (TI-CPI) listed Georgia at 99 out of 176 countries listed so that alone warranted red flag scrutiny. If you are purchasing an entity in a country with such well known affinity for corruption, extra care is warranted. Perhaps back in 2006, Linde did not view the FCPA as something which it would deal with in such a situation.

Yet even with all the apparent miss-steps and non-steps of compliance, the company was able to secure a declination from the DOJ. While there may be some additional penalties or sanctions by the Securities and Exchange Commission (SEC) for the failures of internal controls, the result obtained by Linde was certainly a superior result. The company would seem to have met the four pillars under the FCPA Pilot Program through (a) self-disclosure, (b) extraordinary cooperation, (3) full remediation, and (d) profit disgorgement. Interestingly, the profit disgorgement in this case would appear to have been beyond the five year of limitations for profit disgorgement under the recent Supreme Court decision in Kokesh. If there is a FCPA enforcement action brought by the SEC perhaps additional facts will be recited in any resolution documents.

Nevertheless, kudos are due to Linde and its counsel for obtaining this declination. Every CCO should study it for both the superior result received and underlying facts to see if you face anything similar in the Republic of Georgia or elsewhere.